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REMARKS/ARGUMENTS 

Prior to the entry of this Amendment, claims 1-48 were pending in this 
Application. No claims have been amended, no claims have been added, and no claims have 
been canceled herein. Therefore claims 1-48 remain pending in this application. Applicants 
respectfully request reconsideration of these claims for at least the reasons presented below. 

35 U.S.C. <S 103 Rejection. Boltz in view of Purpura 

Claims 1-48 were previously rejected under 35 U.S.C. § 103(a) as being 
unpatentable over U. S. Patent No. 6,981,043 B2 of Botz et al. (hereinafter Botz") in view of 
U. S. Patent No. 6,421,768 Bl of Purpura et al. (hereinafter "Purpura"). The Applicant 
respectfully submits that the Office Action does not establish a prima facie case of obviousness 
in rejecting these claims. Therefore, the Applicant requests reconsideration and withdrawal of 
the rejection. 

In order to establish a prima facie case of obviousness, the Office Action must 
establish: 1) some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the references or 
combine their teachings; 2) a reasonable expectation of success of such a modification or 
combination; and 3) a teaching or suggestion in the cited prior art of each claimed limitation. 
See MPEP § 706.02(j). However, as will be discussed below, the references cited by the Office 
Action do not teach or suggest each claimed limitation. For example, neither reference, alone or 
in combination, teaches or suggests authorizing a first user to access a system or resource as a 
second user. Furthermore, neither reference, alone or in combination, teaches or suggests 
authorizing a first user to access a system or resource as a second user based on authentication 
credentials of the first user. 
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Botz relates to "an apparatus and method allow a system administrator to manage 
multiple user identities in multiple user registries in different processing environments." (Col. 2, 
lines 12-15) Under Botz "an identity mapping mechanism is provided that includes a directory 
service that includes entries that reference user identities in the multiple registries, and that 
reference identity mappings between those entries." (Col. 2, lines 15-19) That is, Botz teaches 
identifying a user's accounts on different systems. Specifically, Botz "provides the infrastructure 
for correlating multiple user identities in these different environments to a sinele user " (Col. 5, 
lines 47-50) For example, "a user may enter security information for one local user identity, and 
an operating system or application may use the identity mapping mechanism of [Botz] to 
determine corresponding security information on a different platform or application." (Col. 5, 
lines 55-60) 

However, Botz does not teach or suggest authorizing a first user to access a 
system or resource as a second user. To show support for the argument that Botz does in fact 
teach such "impersonation," the Office Action cites col. 12, lines 1-14 of Botz. This paragraph 
states, in it entirety: 

"One significant advantage of the present invention is that the security semantics 
for each environment are maintained, yet the security information for one 
environment may be mapped to equivalent security information in a different 
environment. This capability avoids the need for a user to remember multiple 
identities and passwords for the different environments. Once the user is 
authenticated for one environment, the identity mapping mechanism of the 
preferred embodiments can be used to find an appropriate identity in a 
different user registry that is associated with the authenticated user , and 
impersonate the associated identity or otherwise apply the security semantics of 
the second user registry in order to access data protected by its security 
semantics." (Emphasis added) 

It is clear from this paragraph, especially when read in light of the previously 
cited sections of Botz, that Botz does not teach of suggest authorizing a first user to access a 
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system or resource as a second user. Rather, as explicitly stated in Botz and quoted above, Botz 
teaches correlating multiple user identities in different environments to a single user . 

Nevertheless, the Advisory Action contends that "Botz discloses a system in 
which the system administrator can indeed access the system and impersonate another user . . . 
and that access level can be extended to other users of the system." The Applicants respectfully 
but strongly disagree. Nothing in Botz teaches or suggests allowing the administrator to access 
the system and impersonate another user. Furthermore, nothing in Botz teaches or suggests 
authorizing a first user to access a system or resource as a second user based on authentication 
credentials of the first user. 

Rather, Botz only discloses correlating multiple user identities (i.e., user names or 
aliases) in different environments to a single user, i.e., mapping the aliases used by a given user 
on multiple systems. That is, Botz teaches a way to discover that Joe logs onto system A with 
username X and logs onto system B with username Y. Further, once Joe has logged onto system 
A, he does not need to log onto system B since he has already been authenticated as being Joe 
based on his own authentication credentials. However, Botz does not teach or suggest allowing 
Joe to log onto any system as Harry using only Joe's authentication crednetials, even if Joe is the 
administrator. If Joe wanted to log on as Harry under Botz, he would presumably need to have 
access to Harry's authentication credentials as described in the background section of the pending 
application. 

Purpura is directed to "securely transferring user authentication information from 
a first computer to one or more other computers to allow the user to interact with the other 
computers without necessarily having to explicitly identify himself thereto." (Col. 1, lines 8-12 
and col. 2, lines 19-22) More specifically, Purpura teaches a single sign-on method. (Col. 2, 
lines 23-24) "Thus, if a second computer trusts the methods used by a first computer to 
authenticate a user, then the second computer can use a cryptographically assured cookie created 
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by the first computer to authenticate the user, without requiring the user to perform an explicit 
authentication step at the second computer." (Col. 2, lines 24-29) 

That is, Purpura discloses a single sign-on method that, as is typical of single 
sign-on, allows a user to access a second computer system based on his access of a first computer 
system. In other words, under Purpura, a user can logon to or access a first system which 
performs any necessary authentication. The first system then issues a token, in this case, a 
"cryptographically assured cookie," to the user. The same user can then use this token to access 
other systems without re-authenticating. However, Purpura does not disclose impersonation, 
i.e., authorizing a first user to access a system or resource as a second user. 

The combination of Botz and Purpura is no more relevant to the pending claims 
than either reference alone since neither reference, alone or in combination, teaches or suggests 
authorizing a first user to access a system or resource as a second user. Rather, Botz teaches 
correlating multiple user identities in different environments to a single user. Similarly, Purpura 
teaches allowing a user to access a system based on a token provided by another system, i.e., a 
single sign-on method that allows a user to access a second computer system based on his access 
of a first computer system. Thus, both Botz and Purpura teach allowing a particular, single user 
to access different systems or environments based on his access of one system or environment. 
However, neither reference, alone or in combination, teaches or suggests authorizing a first user 
to access a system or resource as a second user. Furthermore, neither reference, alone or in 
combination, teaches or suggests authorizing a first user to access a system or resource as a 
second user based on authentication credentials of the first user. 

Claim 1, upon which claims 2-15 depend, claim 28, upon which claims 29-38 
depend, and claim 35, upon which claims 36-38 depend, each recite in part "receiving 
authentication credentials for a first user and an identification of a second user; authenticating 
said first user based on said authentication credentials for said first user; creating a cookie that 
stores an indication of said second user if said step of authenticating is performed successfully; 
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and authorizing said first user to access a first resource as said second user based on said 
cookie." Neither reference, alone or in combination, teaches or suggests, authorizing a first user 
to access a first resource as a second user. Rather, Botz teaches correlating multiple user 
identities in different environments to a single user while Purpura teaches allowing a user to 
access a system based on a token provided by another system, i.e., single sign-on. Furthermore, 
neither reference, alone or in combination, teaches or suggests authorizing a first user to access a 
system or resource as a second user based on authentication credentials of the first user. For at 
least these reasons, claims 1-15, 28-38, and 35-38 should be allowed. 

Claim 16, upon which claims 17-23 depend, claim 39, upon which claims 40-44 
depend, and claim 45, upon which claims 46-48 depend, each recite in part "receiving 
authentication credentials for an impersonator and an identification of an impersonatee at an 
access system, wherein said access system protects a first resource that is separate from said 
access system; authenticating said impersonator based on said authentication credentials for said 
impersonator, wherein said step of authenticating is performed by said access system; and 
authorizing said impersonator to access said first resource as said impersonatee, wherein said 
step of authorizing is performed by said access system." Neither reference, alone or in 
combination, teaches or suggests, authorizing a first user to access a first resource as a second 
user. Rather, Botz teaches correlating multiple user identities in different environments to a 
single user while Purpura teaches allowing a user to access a system based on a token provided 
by another system, i.e., single sign-on. Furthermore, neither reference, alone or in combination, 
teaches or suggests authorizing a first user to access a system or resource as a second user based 
on authentication credentials of the first user. For at least these reasons, claims 16-23, and 39-48 
should be allowed. 

Claim 24, upon which claims 25-27 depend, recites in part "receiving 
authentication credentials for the first entity and an identification of the second entity at an 
access system, wherein said access system protects a plurality of resources; receiving an 
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indication of one or more of said plurality of resources; authenticating said first entity based on 
said authentication credentials for said first entity, wherein said step of authenticating is 
performed by said access system; and authorizing said first entity to access said one or more of 
said plurality of resources as said second entity, wherein said step of authorizing is performed by 
said access system." Neither reference, alone or in combination, teaches or suggests, authorizing 
a first user to access a first resource as a second user. Rather, Botz teaches correlating multiple 
user identities in different environments to a single user while Purpura teaches allowing a user to 
access a system based on a token provided by another system, i.e., single sign-on. Furthermore, 
neither reference, alone or in combination, teaches or suggests authorizing a first user to access a 
system or resource as a second user based on authentication credentials of the first user. For at 
least these reasons, claims 24-27 should be allowed. 



In view of the foregoing, Applicants believe all claims now pending in this 



Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 

early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 

this application, please telephone the undersigned at 303-571-4000. 
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Respectfully submitted, 



William J. Daley 
Reg. No. 52,471 




